Cyber Security: HSBC Offers Two-Factor Online Authentication

HSBC will begin offering additional online authentication in the wake of increasing attention on security after the retailer data breaches.

With public awareness of cyber security threats on the rise, HSBC will begin offering two-factor authentication for online banking next quarter, says LuAnne Kingston, HSBC’s head of direct banking. The HSBC Security Device, available both as a small hardware device and as a mobile app download, will give online banking customers a unique code they will enter each time they log in.

“The [online authentication] credentials that many companies are using now can easily be defeated by fraudsters,” Kingston notes. “This is why we’re taking a multi-layered approach.”

Recent headlines around major data breaches have generated greater public interest in online security, changing the way customers view security versus convenience in their online transactions, Kingston adds.

“There is a lot of awareness now in the public [about cyber security]… and I think customers are more willing now to give up some convenience for security. And for some customers who may be worried about security, this [two-factor authentication] will help them feel more safe online,” she explains.

The HSBC Security Device will provide additional protection for customers, but it is also increasingly important for customers to educate themselves and participate in securing their online identity and activities, Kingston says. She describes online security as a partnership between the customer and the bank, and says that HSBC provides a number of free educational resources concerning cyber security on its website. The bank also has call center agents who can answer customers’ inquiries about security-related topics and provides free downloads of Trusteer’s anti-malware program on its website, Kingston reports.

HSBC has also provided additional info on its website about the HSBC Security Device for its customers, Kingston adds. “We’ve launched the security device in other countries, and we know customers are interested in this and will adopt this… this is an important step for us in trying to stay one step ahead [of fraudsters].”

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

Cool. We aren't seeing it in insurance yet but certainly some of the providers of high value life & annuities products should be exploring this strategy. Could also be offered as an option for interested parties in P&C or any other insurance line as well.

The user experience does not have to be disrupted if the right two-factor authentication is in place. This solution also seems to be in-band which is still vulnerable to man in the middle attacks (MITM). I wonder which security service HSBC is using to offer their customers this service. I have seen ONLY ONE out of band 2fa solution (which defeats MITM) that isn't annoying to use called Toopher. I don't think enough people are aware of this solution or else it would be taken advantage of much more. Right now the only place I can use Toopher is through LastPass (my password manager). Toopher does 2fa right by not interrupting the user every time they try to log in. I have said it a million times and will keep saying it until I see Toopher offered in more places... it's the future of 2fa and it's time people start realizing that! I am just a security enthusiast who takes my online security seriously... if I can find such a great solution like Toopher, then why aren't other companies doing their research to find them too?

Yeah I think the prevailing wisdom was that customers wouldn't bother taking the extra step. But it seems some think that they will now after the data breaches. I guess there's opportunity here for those willing to act on it.

This is definitely a good move. Two-factor authentication is ideal in any online security environment. I attended a Google event in 2011 where one of their Gmail people said they recommend two-factor authentication to every user, though few actually use it.